Memory devices such as memory cards can be thought of as divided into two classes--"smart cards" which have a microprocessor in addition to a main storage unit, and "memory cards" which have only memory but no programmable (or programmed) microprocessor.
Because of the processing capability available in smart cars as a result of the on-board microprocessor, there are numerous security techniques useful with such cards for protecting the integrity of the data stored on the card. Thus the on-board microprocessor can perform various functions in checking PIN numbers, hand shaking with a processor in an external terminal, performing, enciphering and deciphering operations on-board the smart card, and other techniques all prior to allowing access to the main memory on the card. Thus, significant capacity is available for insuring the integrity of the data in a smart card.
However, in memory cards which do not have the power of an on-board microprocessor, the capacity for performing security checks before allowing access to the main memory is substantially more limited. In a memory card typically the data, address and control lines of the main memory modules are coupled directly to the card outputs and are thus available for read out either in a terminal for which the card is intended or otherwise. Thus, the opportunity is available for someone intending to breach the security of the internal memory to directly access the memory device if reasonable care is taken in interfacing the data, address and control lines of the memory elements which are all readily available at the card connection points. Even when the card is used in a terminal for which it is intended, security functions are usually desirable, such as insertion of a PIN number by a user, or some means of insuring, based on a check of card stored information and terminal supplied processing power that the two are of intended compatability before memory access is allowed.
With only hard wired logic elements at most available on a memory card for performing the security function, insofar as applicant is aware, the techniques which have been made available for securing the stored information are not as reliable as could be desired.
The security issue will be further developed with reference to FIG. 7 which shows a configuration of a conventional memory card having on-board semiconductor memory which is substantially non-secure. The portable semiconductor memory card 1 of FIG. 7 carries an on-board semiconductor memory 4, usually comprised of an array of semiconductor memory devices 4a-4n. The address lines of the semiconductor memory devices 4a.varies.4n are coupled together to form an address bus 14, and the data lines coupled together to form a data bus 15. The address bus 14 and data bus 15 are elements of an interface bus 40 comprising address lines 14, data lines 15, and control lines including a card select signal line 16, a write enable signal line 17 and an output enable signal line 18. The address, data, and control lines provide access to the semiconductor memories 4a.varies.4n in conventional fashion. The card select signal on line 16 is utilized to enable the semiconductor memory elements in a manner which will be described below.
One further connection is provided from the terminal into which the memory card is inserted, and that is a supply of power which is coupled to power supply line 11. A power supply sensing and changeover circuit generally indicated at 2 senses the application of power to the line 11, and couples that applied power to the remaining circuitry for operation. It is noted that to maintain the information in the semiconductor memory 4 during the substantial intervals when the card is not inserted in the terminal, a stand-by battery 6 is used to supply power to internal power bus 9 via current limiting resistor 7 and a reverse poled charge prevention diode 8. However, whenever the card 1 is plugged into a terminal and a source of power is connected to external power bus 11, a sensing module 3 within the power supply changeover circuit 2 senses the voltage level on the bus 11 and in response thereto switches on a pass transistor 12 and thereby couples the external power source to the internal power bus 9. In addition, the sensing module 3 within the power supply changeover circuit 2 applies a high logic signal on output line 13 which in turn is coupled to a G input of a memory select circuit 5, providing a preliminary enabling signal to the circuit 5. Thus, whenever the power applied to the external bus 11 is higher than that supplied by the battery 6, that condition is sensed by the power supply changeover circuit 2 and the sensing module 3 thereof performs two functions, namely (a) switches on the pass transistor 12 in order to supply external power to the internal bus 9 and (b) couples a high logic enabling signal to the control line 13 providing the preliminary enabling signal to the memory selection circuit 5.
It is seen that the memory selection signal 5 has a series of outputs S.sub.1 -S.sub.n which are coupled respectively as enabling inputs 19a-19n to associated semiconductor memory devices 4a-4n. A selected one of those output lines is individually driven low depending upon the address signal coupled to the address inputs A.sub.n of the selector module 5. Thus, the higher order address bits from the address bus 15, which are coupled to the individual lines of address input A.sub.n are used to select which of the semiconductor memory devices 4a.varies.4n will be active at any given time. It is noted that the address inputs and G input of selector 5 are provided with pullup resistors 10 to assure that all memory devices 4a.varies.4n are disabled except when the inputs are intentionally driven low.
A final input to the memory select circuit 5 is the G which is coupled to the card select signal line 16 which is an element of the control lines of the interface bus 40. Thus, whenever the particular memory card 1 is selected, the external terminal couples a low logic signal to the line 16, and thus provides an enabling signal to the G input of selector 5.
In summary, when power is applied to the external bus 11, the G input of select circuit 5 is driven high. Subsequently, when the card select input 16 is driven low, the G input of select circuit 5 is driven low, thus enabling the outputs of select circuit 5 to respond to the logic levels on the address inputs. Thus, the external terminal couples address signals to the high order bits on the address bus 15 which serve to individually select the outputs S.sub.1 -S.sub.n of the selector 5 and in turn individually enable the semiconductor memory devices 4a-4n. When enabled, a semiconductor memory device responds to address signals on the address bus 15, to write or read signals and enable signals on the control lines 17, 18 to either write information into the addressed semiconductor memory location from the data bus 15 or read the information stored in the addressed location out onto the data bus 15, both for interfacing with the external terminal.
With that understanding of a conventional memory card 1, it will be appreciated that the semiconductor memory 4 is in a relatively non-secure state. The data lines of the semiconductor memory, the address lines of the semiconductor memory and the control lines (read/write and enable) of the semiconductor memory are all available at the card output. Typically, such control signals will be directly available at the card contacts which are intended to interface with an external terminal. Even in the case where the card receives a serial message which is stored in a register or the like for coupling to a semiconductor memory, there is little security associated with the serial receiver or serial to parallel converter, and thus the terminals of the memory devices themselves can be considered as being available to the outside world. While smart cards having on-board microprocessors can provide the desired security, it has been found impractical to provide an effective amount of security for the on-board memory using only hard wired logic elements.
It will also be apparent that one can utilize such a semiconductor memory device in a terminal designed to accept it whether or not the individual possessing the card is indeed authorized to use it. There is no security check provided, it is simply necessary to couple the appropriate voltage levels or signals to the card, and the individual memory devices are directly addressed for writing or reading as desired.
Even without a compatible terminal, it is relatively easy to access the contents of the memory 4. It is simply necessary to couple power to the external power bus 11, appropriate control signals, address signals and data signals to the interface bus 40, and the internal memory is directly accessible. Thus, an unauthorized individual, even without access to a compatible terminal, can access the memory and read out information which had been intended to be secure. As a further example, an unauthorized individual can write information into the semiconductor memory, and a subsequent user will be unaware that the security of the stored information has been breached. If security is at all a factor in using a portable memory device, the limitations of the device illustrated in FIG. 7 will now be apparent.